Ratel

Ratel is a new system which provides the capability to run unmodified x86-64 Linux binaries within Intel SGX enclaves. Ratel enables dynamic binary translation (DBT) inside SGX enclaves, i.e., it changes the program execution on-the-fly to be compatible with SGX abstractions. Specifically, Ratel enables DynamoRIO inside SGX enclaves. Ratel has a small trusted codebase (about 20KLOC) inside the enclave and has the potential to enable cross-platform binary compatibility.

Before we begin with Ratel

Ratel runs on Intel(R) SGX enclaves on Linux platforms. Ratel works on the x86-64 architecture and is currently tested on Ubuntu 16.04 (both server and desktop version), with Linux kernel versions 4.15.0. Before you start using Ratel, you should setup a stable Intel SDK developement environment. Then you can quickly test Ratel with applications. Please follow the instructions below, to setup Intel SGX environment and Ratel on your system.

The Linux SGX developer environment comprises of hardware with SGX support, bios support for SGX, the SGX driver, the SGX SDK, and the SGX Platform Software. Out of these, the hardware support depends on your processor and the BIOS support is provided by the vendor. The SGX driver, SDK and PSW are provided by Intel.

Hardware support and BIOS setting

• SGX supported hardware.
• Ensure that you have enabled SGX support in your BIOS.
• Run the test-sgx.c code from here to quickly check if SGX is available for your CPU and enabled in BIOS.

Software Requirements

One of the following operating systems should be installed on your machine.

• Ubuntu* Desktop-16.04-LTS 64bits.
• Ubuntu* Server-16.04-LTS 64bits.

Installation and usage

1. Build and install Intel SGX driver, modified SDK, modified PSW, Ratel with the auto installation script

   https://github.com/ratel-enclave/ratel#building-intelr-sgx-dependencies-and-ratel-with-auto-installation-script

2. Manually Build and install Intel SGX driver, modified SDK, modified PSW

   https://github.com/ratel-enclave/ratel#building-with-intelr-sgx-dependencies

3. Manually Build and install Ratel

   https://github.com/ratel-enclave/ratel#building-and-setting-ratel-sgx

4. Run Ratel with applications

   https://github.com/ratel-enclave/ratel#how-to-run-an-application-with-ratel

Benchmarks and applications

Currently we have tested Ratel with 6 benchmark suites :

  * Parsec-Splash-2
  * SPEC CPU
  * HBench-OS
  * IOzone
  * FSCQ File system
  * FSCQ single-system call

We have run following real world applications successfully with Ratel :

  * Privado-Torch
  * Lighttpd
  * H2O
  * Memcached
  * SQLite
  * CURL

The related benchmarks and applications can be accessed from here.

Current status

Ratel is under active development and a research prototype at this stage. Please use at your own risk. Please check out the list of benchmarks / applications we have successfully tested this far. We invite contributions from the community and have a long wish list of features and stability improvements. Please contact us (see below) if you wish to talk to us.

Features included in this prototype release : support for program loading, around 220 Linux system calls, basic syscall error-handling, memory management, multi-threading, signals, and mutex synchronization primitives.

Ratel Team

We are researchers from NUS and UC Berekely:

• Shweta Shinde
• Jinhua Cui
• Satyaki Sen
• Prateek Saxena
• Pinghai Yuan

Contact us

For any questions or bug reports, please feel free to write to ratel.enclave@gmail.com or post an issue on our GitHub repository: https://github.com/ratel-enclave/ratel/issues.

Industry Partners

• Anqlave